We all authenticate ourselves and others without paying much attention to it in ordinary everyday routine. At work, we display identity card or scan finger, i.e. authenticate identity, to access a secured area. Same we ask to do to people seeking entry in our house. This casual, yet important activity helps us keep potential threats and intruders away. You would not let an unknown person enter your premise without knowing the purpose and verifying his identity. For example, when a cable TV technician comes to fix your TV, you first confirm that there is indeed complain registered by someone in the family and verify the technician’s identity, and then grant him or her access to your house. We also authenticate ourselves digitally while logging in to email or social media account, perform a financial transaction or book a movie ticket online. When authenticating people in physical world, we ask for ID cards or badge or a piece of information, like you may seek an ID or the complaint registration number from TV technician in above example.

Traditionally, authentication in digital world is performed with PINs, passwords, security questions, etc. These methods have been a proven way to authenticate your online identity and have been in use since the early days of the internet. Initially, internet served its purpose as a communication channel and a medium to store and share information. With time, dependence over the internet has increased drastically and today even high volume payment transactions, information related with national security, military information are being transmitted via the internet. Unfortunately, information security over the internet is not as great as dependence over it. Incidents related with information security and identity fraud have been claiming news space more frequently in recent years. Credit card information and online card transactions particularly interest hackers. They keep coming up with new methods to steal credit card information and commit fraud. They can even clone your beloved payment card and use it at a location thousands of miles away from the jurisdiction of your country.

Image: Specimen image of a biometric credit card announced by Mastercard.

Why hackers are after your payment card information?

Banking and payment card information are a perpetual target of cyber-criminals. They know that a right combination of numbers can empty card holder’s account and fill theirs, so they do everything they can to steal credit card information. Sniffing devices to intercept payment information; stealing credit card information stored at POS terminals; bugged card readers, credit card cloning, etc. are some of the methods hackers leverage to steal card information. It is easy to authenticate a transaction using a credit card since it uses a possession based method (the card itself) to make payments, however, this approach opens doors to some serious loopholes. Credit card service providers like Mastercard and VISA use different methods, like chip based plastic cards, predictive fraud analysis, transaction alerts, encryption, etc. to prevent fraud.

Implementing above countermeasures did result in reduced numbers of credit card fraud, however, failed to completely eliminate it. Hackers find their way around and incidents of fraud still take place around the world. In fact, global credit card fraud is set to exceed $35.54 billion in 2020, up from $16.3 billion in 2014, according to The Nilson Report.

Mastercard brings biometric security to credit cards

Prevention of credit card fraud has been an issue that financial institutions are still not able to resolve completely. Despite their detailed fraud prevention tactics, fraudsters get a step ahead and commit financial crimes. Implementation of multiple security procedures also complicates the payment process and it becomes time consuming for customers. Among this authentication chaos, Mastercard recently introduced an innovative and secure way to authorize credit card payments: A Biometric Credit Card. Mastercard is one of the biggest names among financial services institutions that provide electronic fund transfer services throughout the world. It processes payments between the banks of merchants and the card issuing banks or credit unions of the purchasers who use the “Mastercard” brand debit and credit cards.

Image: Michelle van Schalkwyk, Head of Brand at Pick n Pay Store, pays for her shopping using her fingerprint to authenticate the transaction during the first global trial of the Mastercard biometric card in South Africa.

Biometric credit card introduced by Mastercard looks like just any plastic chip and pin credit card, except the fact that it also has a fingerprint sensor embedded on it. Mastercard announced the biometric card on April 20, 2017. This announcement marked the day in history of biometrics as well as payments cards to add a biometric authentication layer to secure credit cards and prevent fraud. With biometric card, customers no more need to enter their PIN while struggling to hide the keypad of the card reader. Just the touch of your fingertip is enough to authenticate a payment. This new payment method is under trial in South Africa with plans to expend it to other parts of the world later in the year.

Making payments with fingerprints is easier and securer

Cardholder can enroll their biometric card by registering with their financial institution. Fingerprint of the cardholder is captured at the facility. Up to two fingers can be registered for authentication; however, both the fingers should belong to the card holder. No other person’s finger can be registered to authenticate payments. The fingerprint is converted to an encrypted digital reference template and stored on the card. This stored template is used to compare with the fingerprint provided at a PoS. Payment only gets authenticated only when fingerprint comes from a genuine cardholder.

Authenticating payments with biometric credit card is easier than traditional cards. Following three step process is all it takes to make a PIN-less biometric payment:

To make a payment, cardholder needs to insert card into card reader and place his/her fingertip on the fingerprint sensor of the card. The fingerprint sensor is a dark square with rounded corners as the specimen card shows in the image above.

Fingerprint sensor captures the digital image of the cardholder’s fingerprint. This digital image is compared with the reference template already stored on the card, to make sure that cardholder is the genuine owner of the card.

If both the images match, cardholder identity gets authenticated and payment is made. The transaction is then approved by the bank.

There is absolutely no need to remember and enter PIN, ever.

On the occasion, Ajay Bhalla, president, enterprise risk and security at Mastercard commented:

“Consumers are increasingly experiencing the convenience and security of biometrics, whether unlocking a smartphone or shopping online, the fingerprint is helping to deliver additional convenience and security. It’s not something that can be taken or replicated and will help our cardholders get on with their lives knowing their payments are protected.”

Conclusion

Authentication technology is dramatically changing the way identities are verified and biometric is set to take over identification and authentication process in all sectors. With biometric applications, people get their identity authenticated without the need of human intervention. It is not just payment cards that biometrics has marked its presence to. Many banks and financial institutions around the globe have already integrated face biometrics with their mobile banking apps, popularly called “Selfie Pay”, in which users can authenticate a payment just by capturing their face with the smartphone camera. Smartphones have many ways to track user activity including behavioural biometrics, unlike payment cards, which had to rely on methods like PINs or OTPs to secure payments. However, that seems to be changing with biometrics now. Biometric payment cards have ability to fill the gap left by traditional card, making payments easier, faster and securer than ever.

About The Author

Danny Thakkar is the co-founder of Bayometric, one of the leading biometric solution providers in the world. He has helped large organizations like Pepsi, America Cares, Michigan State and many other medium and small businesses achieve their identity management needs. He has been in the Biometric Industry for 10+ years and has extensive experience across public and private sector verticals. Currently, he is chief evangelist for Touch N Go and blogs regularly at www.bayometric.com and www.touchngoid.com.